Currently, computer systems that run application programs such as word processor, photo editor or spread sheet applications may utilize local storage devices with magnetic or optical storage media for data access and repository. Another approach is to mount a remote storage device to the local system. This can be done using standard Server Message Block (SMB) or also currently known as Common Internet File System (CIFS) protocol to facilitate drive sharing over a computer network. In a local scenario, a user may use a first computer to run an application that may retrieve and store data on a storage device that is local to the first computer. Alternatively, the user may mount a remote storage device (which may be local to a second computer on the network) on the first computer, such that the user can run the application to retrieve and store data on the remote storage device. As a result, the user is not required to reside and use the second computer to access, read, write, and/or print data such as such as documents, pictures or music files stored in a storage device local to the second computer. In a typical scenario, both the first and second computers described are located in a local area network connected via a high-speed data link such as Ethernet, USB, WIFI, or the like.
In both the examples described above, applications on the first computer are primarily designed to rely on having a high-performance (i.e. high bandwidth, low latency) data access to the local and remote storage devices. As a result, many applications do not have optimized data access capabilities because they have insignificant effects on the overall performance of the applications in a high-performance data access environment. For example, the application may query the remote storage device to read or write blocks of data through numerous rounds of serial local network trips. As another example, if the user instructs the application to save the application data (e.g., which may be a document, digital photo, spreadsheet, multimedia data, etc.) on a storage device, the application may do so by rewriting the entire application file without determining which part of the file actually needs modifications in comparison to a previously existing file that the current storage operation is replacing. Because the computers have high-performance data access capability, the user may not notice any significant performance differences in how the application utilizes the remote storage device. Hence, for many applications, having a high-performance data access to storage devices is critically important for proper program execution such as for temporary storage to store intermediate computation results or to ensure reliability of data transactions.
These current techniques, however can be impractical to deploy over a wide area network such as the public Internet. In a local area network, high bandwidth and low latency data network pipes between the computers described above can be provided at relatively low cost. A typical Ethernet local area network can facilitate 100 mbps for both upload and download data transfer rate. However, if those computers were located at different locations in a wide area network such as the public Internet, there would be recurring charges associated with the telecommunication services that would normally be based on bandwidth utilization. As a result, relatively large costs would be required to run existing applications on the first computer with the same or similar high-performance data access to the remote storage device associated with the second computer over a wide area network. Further, it is often not even possible to connect the first and second computers with such high-performance data access capability, depending upon the geographical locations of the first and second computers, and publicly available IP addresses.
The Internet has made large amounts of information available to computer users around the world. A tremendous amount of information is exchanged between individual users via public computer networks, e.g., the Internet, and the volume of such information will likely continue to increase. Additionally, the number and variety of communications devices capable of accessing the Internet, as well as other wide area networks not connected to the Internet are increasing rapidly, as are the number and variety of networks independent of the Internet, and the complexity, size and breadth of the Internet itself.
Since many of these devices operate upon different standards for operating systems as well as even connection and transmission softwares, a result is that it is becoming increasingly complicated and difficult to share files or transfer files from one device to another. For example, it is no simple task for a user to transfer electronic images from a home library of still images of his family, stored on a hard drive of a personal computer (PC), for example, to a personal digital assistant (PDA) to show them to relatives when traveling to their home. While it is possible to upload digitized photos to a web page provided by a photo service center, this solution leave some things to be desired too, since many users may be uncomfortable storing photos of their families on some photo service server in some unknown location where it is also often unknown what level of security (if any) such server is provided with.
Another common problem occurs when an employee needs access to files on his or her computer at work, but is at home, and has no direct access to the files. This often requires a trip to the office to download the files to a portable storage device, such as a floppy disk, CDR, CDRW or flash memory. Although some facilities have installed virtual private networks (VPNs) which would allow a worker in this situation to access his/her files from home, VPNs are expensive, awkward and cumbersome to use, and are simply not currently available to many users
It is not uncommon today for a user to have separate computing systems for business and home use at home, one or more computer systems at work, one or more PDA's, laptops and even one or more cellular phones with data storage capability, all of which may have overlapping data files that the user may wish to access at any given time from any one of these devices. This requires that the common data all be kept current, i.e., with the latest version of each common file, as it is typical to update and edit files. This in itself can be an enormously time consuming and tedious responsibility to frequently synchronize files between all of the devices that maintain a local copy.
Current synchronization solutions, VPNs, as well as the ability to upload files to a central server location do not adequately address the above problems, as they are cumbersome and time consuming to use, and, in the case of VPNs, expensive and not widely available to the average user.
It would be desirable to provide a solution which is easy to use, relatively inexpensive and widely available to allow users to access their information (i.e., data files) wherever they may reside on any network accessible communication device, from any location accessible over that network, using any network accessible device, in a secure mode. This would ensure that only that user (and optionally any other users that the user wished to grant permission to) can access the user's files, even though such access may be made via a public network, such as the Internet, for example. It would be desirable that such a system would provide sufficient security so that no unauthorized users can steal or “hack into” a user's data files while it travels through the public network (e.g., Internet).
It would further be desirable that such a solution would take little or no time to set up and little or no effort or capital to maintain, as IT managers are already overloaded with complexity and time (and money) consuming tasks to maintain their current systems.
Still further, it would be desirable if such a solution permitted secure access by a variety of methods, including DSL, dial-up and cable modems, Ethernet ports (such as from a hotel), wireless (such as wireless Wi-Fi hotspot, or other wireless technologies) and from an Internet café using a temporary machine, as well as from behind different firewalls. The Internet is currently quite accessible and accomplished in offering public access, but is still quite limited in permitting private access.
Remote, secure access of devices through the Internet has presented many problems. Providing secure access to remote devices has typically required setup of a dedicated private network or dedicated virtual private network (VPN) for remote device access. A dedicated server within the private network provides for communication with the Internet, and a dedicated telephone line, digital subscriber line (DSL) or like communication interface is used to connect the device to the dedicated server. Such a system involves costly and difficult installation and maintenance. Connection to the remote access device is typically through a modem connection, and data transfer between the device and remote user is slow. Even where DSL or other broadband capability is available for connection to the remote device, real time data transfer of video streams and data intensive operations cannot be effectively carried out. Remote device access systems have also been deficient in that only a single user can access a remote device at a time. This problem is particularly acute in situations when a customer and a support person at different locations both simultaneously wish to access a remote device at a third location.
Remote access of devices via the Internet or other wide area network in many cases involves a user located within one private local area network, and a device located within another, different private network. Information exchange between private computer networks via the Internet has created various security issues associated with protection of information on the private computer networks. Connection of a personal computer in a private network to the Internet can expose confidential data to unauthorized access or hostile attack from virtually anywhere in the world. Some of the sophisticated types of security threats posed by “hackers” include “logic bomb”, “trapdoor”, “Trojan horse”, “virus” and “worm” programs. Such software programs can work independently or via an invoked host program to breach security, disrupt activity and cause damage by destruction of electronic files, alteration of databases, or introduction of computer viruses which affect the operability of the private computer network, computer hardware connected to the private network, and network-accessible devices within the private network.
One approach to private network security has been the use of “firewalls” embodied in hardware and/or software to protect private local area networks from hostile intrusion from the Internet. A firewall is located generally at the junction point or gateway between a private network and a public network such as the Internet and allows a network administrator to selectively offer access to specific types of Internet services to specific LAN users by filtering inbound and outbound traffic. Nearly every private network now has some form of firewall in place to protect internal data from outside intrusion.
Firewalls may operate by inspection of binary data at different layers of the TCP/IP (Transport Control Protocol/Internet Protocol) hierarchy in order to use different criteria for restriction of traffic. Binary data from the highest protocol layer, i.e., the Application Layer, is encapsulated within lower-level protocols all the way to the physical layer for transmission in network media such as twisted pair wire, fiber optic, cable or wireless channels. Packet filtering firewalls may be carried out at the Internet Protocol or Network layer. Circuit level gateway firewalls work at the TCP or Session Layer, and monitor TCP “handshaking” between packets to determine whether a requested session is legitimate. Application level gateway firewalls or “proxies” are application specific and can filter application specific commands such as http:post and get, which cannot be accomplished by packet filtering or circuit level firewalls. State-full multilayer inspection firewalls can combine the aspects of the above types of firewalls to provide a high level of security.
While firewalls have been largely beneficial for the security of private networks, the implementation of firewalls brings some important drawbacks. Particularly, there is an increasing use of applications that involve data transfer between different, heterogeneous private networks via the Internet. Users increasingly need to make connections from various locations across local-area-networks or wide-area-networks to access data. This is currently typical of even a home user, who may have a local area network in his or her home with a firewall between it and the Internet. Access to the user's work computer presents this problem, as the work computer is most likely on a network behind a firewall at the work location. The firewalls involved will typically be different due to the different security needs and environments involved in the different private networks, and the firewall systems can impose serious limitations to data transfer between the heterogeneous networks.
As mentioned above, one approach to allowing secured connection between local area networks is to employ virtual private network (VPN) systems. However, such VPN systems require expensive and complex installation of additional hardware and/or software at network access locations. The use of VPN systems also require that network administrators for participating networks implement some kind of joint network security policy, which is difficult or impossible in many situations. Furthermore, VPN systems are still an “emerging” technology, and interoperability among different VPN systems imposes limitations to connection of multiple private networks. Still further, VPNs may restrict some wireless access.
Examples of other efforts at providing remote access to data include those made by pcAnywhere (Symantec) and GoToMyPC™ (https://www.gotomypc.com/), each of which offer software solutions that give desktop control; i.e., allowing the user to control the user's desktop remotely. The user logs in to a remote desktop, then accesses a file structure of the remote machine, clicks on the file or files the user is interested in accessing, then clicks on the user's own local site on the current machine where the user wants the file or files to be stored. The software then transfers the file or files to the user's current (local) machine. When the user is finished with the files, the files are then re-transmitted back to the remote machine from which the files were downloaded. This is not intuitive and it also requires significant amounts of bandwidth, since entire files must be transferred. If the files contain graphics, video or other data requiring a large amount of storage space, these solutions can become virtually unusable, particularly if the user is on a dial up modem connection. Even if the files to be transferred are strictly text, these solutions require a great deal of bandwidth just to control the video, since the “remote desktop” that appears at the user's device is a video image of the desktop that is being remotely accessed. These products are fundamentally dependent upon sending computer screen display data, as noted, and have significant difficulty, if at all possible, in connecting to various non-Windows® based devices such as PDAs, cellular phones, MP3 players, home entertainment equipment, industrial controls and home appliances.
To use pcAnywhere or GoToMyPC™ a user must log in to the web site of either of these services, and then get a picture of the remote desktop. From the desktop, the user sees a file structure, and can navigate into the file structure to select a file or files to be transferred. Once selected, the file is transferred to the user's local computer. These solutions do not perform any synchronization or updating, but merely send the entire file or files, lock, stock and barrel, both ways. Nor do either of these products address the problems presented in communicating between two computers, each of which are located behind firewalls having different criteria for restricting communications traffic therethrough.
Many companies do not want their employees to store all of their sensitive data that they need to use when away from the office locally on a portable device, because this poses a security risk with the possibility that the portable device may be stolen. Although it is possible to encrypt such data, this requires additional time, expense and effort, and is cumbersome. Thus, a solution is needed that enables rapid, secure access to such information from a remote location (such as the office, in this example) to a local user (e.g., the employee who is on travel).
Some Microsoft operating systems provide the ability to mount drives (e.g., remote devices) other than the ones that are locally present at the site where a user is operating from. These “virtual drives” are located physically on some other computer system and may be accessed through a central server, wherein each user computer can connect locally to the central server. In such an arrangement, a local user can store data at local drive or store it centrally on the server. However, if a remote device is behind a firewall, this solution does not allow access to the remote device, and generally a VPN is installed to permit access. Further, if a user is not set up with the Microsoft solution discussed above, and has two or more devices using the same data file or files, the user must frequently synchronize the data among the devices. The synchronization process is very time consuming, and doesn't always work on the first try. If the synchronization stalls or crashes part way through, the user must start all over again performing the entire synchronization task. This can be very frustrating when a crash occurs after 90% completion of a synchronization operation, for example.
There is accordingly a need for a system that allows quick and easy communication between users and remote, network-enabled devices, that allows collaborative use of remote devices by multiple users, that is simple and inexpensive to install and maintain, that provides secure communication between firewall-protected private networks, as well as non-firewall protected computers and devices, and which is generally compatible with emerging, increasingly important applications such as remote access to a user's files and directories, synchronization of files, backup of files and controlling and monitoring functions for remote devices. The present invention satisfies these needs, as well as others, and generally overcomes the deficiencies found in the background art.